Vanux wrote:How do I use Brutus?
Don't. Write your own (for the reason of understanding what's going on) or failing that, use THC-Hydra.
Vanux wrote:Not a specific function, just all of it.
Very globally, it just tries username and password combinations until it finds one that works. Essentially everything in there is to configure what protocols and functions you want it to use. (This is pretty much the same for Hydra btw.)
Vanux wrote:I'm trying to at least get it to grab my own tumblr account
It probably never will. Maybe if you give it one username and two passwords to try it won't trigger their brute force protection, MAYBE.
Vanux wrote:so I can make sure it works and works well.
It's often not so simple to get it to work on modern websites. It requires quite a bit of knowledge about how HTTP works in general to figure out exactly what and where to send your auth attempts. And even then you'll often be dealing with things like CSRF tokens, which Brutus simply has no way to deal with.
Vanux wrote:If it's not good to use anymore, what would you recommend
Brutus' last update was some 17 years ago. Needless to say websites have changed since then and a lot of protection measures modern websites have are just not supported. And even when it was new, it still wasn't THAT good of a tool. Also pretty much any sensible modern website will have protection measures preventing you from just trying usernames and passwords endlessly. Generally they will start blocking you for a while after 3 to 5 failed login attempts. See my earlier response on what I'd recommend.
Vanux wrote:and are there any tutorials?
There sure are! I would point you got Google, but that shtick is getting pretty old. I'll pick a short write up on the basic usage of hydra ... almost at random; https://github.com/radicallyopensecurit ... ing/online
Vanux wrote:I plan to be a white or grey hat hacker.
Great! We need more. But I'd say take quite a few steps back and start with way more basic computer science and programming stuff. Hacking isn't about pointing tools at a website and hoping for the best. You need to know more about the system than the person that made it so you can spot the mistakes they missed. Then you know what and how you can attack, and THEN you can effectively use a tool to just make it easier for yourself.